unit HookAPI;
interface
uses
  Windows, TlHelp32, MicroDAsm;
const
  SE_DEBUG_NAME = 'SeDebugPrivilege';
  THREAD_SUSPEND_RESUME = $0002;
unit MicroDAsm;
interface
type
  TREXStruct = record
    B: Boolean; // Extension of the ModR/M r/m field, SIB base field, or Opcode reg field
    X: Boolean; // Extension of the SIB index field
    R: Boolean; // Extension of the ModR/M reg field
    W: Boolean; // 0 = Operand size determined by CS.D; 1 = 64 Bit Operand Size
// Creating a node graph editor for ImGui
// Quick demo, not production code! This is more of a demo of how to use ImGui to create custom stuff.
// Better version by @daniel_collin here https://gist.github.com/emoon/b8ff4b4ce4f1b43e79f2
// See https://github.com/ocornut/imgui/issues/306
// v0.02
// Animated gif: https://cloud.githubusercontent.com/assets/8225057/9472357/c0263c04-4b4c-11e5-9fdf-2cd4f33f6582.gif
// NB: You can use math functions/operators on ImVec2 if you #define IMGUI_DEFINE_MATH_OPERATORS and #include "imgui_internal.h"
// Here we only declare simple +/- operators so others don't leak into the demo code.
static inline ImVec2 operator+(const ImVec2& lhs, const ImVec2& rhs) { return ImVec2(lhs.x+rhs.x, lhs.y+rhs.y); }
/*
The MIT License (MIT)
Copyright (c) 2014 Tanay PrabhuDesai
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
#include <Windows.h>
#include <Psapi.h>
#include <ntstatus.h>
#include <cstdint>
#include <functional>
#include <Shlwapi.h>
#include <winternl.h>
#pragma comment(lib, "ntdll.lib")
#pragma comment(lib, "Shlwapi.lib")
HANDLE get_handle_to_process(LPWSTR process)
{
    HANDLE hProcess = NULL;
    enumerate_handles([&](PSYSTEM_HANDLE_TABLE_ENTRY_INFO handle) {
        if(GetCurrentProcessId() != handle->UniqueProcessId) return STATUS_UNSUCCESSFUL;
        BOOL found = FALSE;
        PVOID buffer = NULL;
NTSTATUS enumerate_handles(ENUM_HANDLE_CALLBACK callback)
{
    NTSTATUS status = STATUS_UNSUCCESSFUL;
    PVOID buffer = NULL;
    ULONG bufferSize = 0;
    do {
        status = NtQuerySystemInformation((SYSTEM_INFORMATION_CLASS)16/*SystemHandleInformation*/, buffer, bufferSize, &bufferSize);
        if(!NT_SUCCESS(status)) {
            if(status == STATUS_INFO_LENGTH_MISMATCH) {
#include "stdafx.h"
#include "HideModule.h"
std::vector<UNLINKED_MODULE> UnlinkedModules;
void RelinkModuleToPEB(HMODULE hModule)
{
    std::vector<UNLINKED_MODULE>::iterator it = std::find_if(UnlinkedModules.begin(), UnlinkedModules.end(), FindModuleHandle(hModule));
    if (it == UnlinkedModules.end())
#include <windows.h>
#include <subauth.h>
#include <stdio.h>
/* Windows structures */
typedef struct _PEB_LDR_DATA {
    BYTE Reserved1[8];
    PVOID Reserved2[3];
    LIST_ENTRY InMemoryOrderModuleList;
} PEB_LDR_DATA, *PPEB_LDR_DATA;
struct OBJECT{ // The object to be serialized / deserialized
public:
    // Members are serialized / deserialized in the order they are declared. Can use bitpacking as well.
    DATATYPE member1;
    DATATYPE member2;
    DATATYPE member3;
    DATATYPE member4;
};
void write(const std::string& file_name, OBJECT& data) // Writes the given OBJECT data to the given file name.